The OWASP Enterprise Application Security Project (OWASP-EAS) exists to provide guidance to people involved in the procurement, design, implementation, or sign-off of large scale (i.e. 'Enterprise') applications.

−

The OWASP Enterprise Application Security Project (OWASP-EAS) exists to provide guidance to people involved in the procurement, design, implementation or sign-off of large scale (ie 'Enterprise') applications.

+

The latest project information can be found here <nowiki>http://eas-sec.org</nowiki>

−

== Project purpose ==

+

== The purpose of the project ==

−

Enterprise applications security is one of the major topics in overall security area because those applications controls money and resources and every security violation can result a significant money loss. Purpose of this project is to aware people about enterprise application security problems and create a guidelines and tools for enterprise application security assessment.

+

Enterprise applications security is one of the major topics in overall security area because those applications control money and resources, and any security violation can result in significant money loss. The purpose of this project is to aware people about enterprise application security problems and create guidelines and tools for enterprise application security assessment.

== Our Subprojects ==

== Our Subprojects ==

Line 13:

Line 16:

Here are our primary goals:

Here are our primary goals:

−

1 Aware people about enterprise applicatio security vulnerabilities by making an Annual statistics of enterprise business application security vulnerabilities.

4 Develop a free tools for Enterprise business applicatioons assessment

+

[[Enterprise Application Security Vulnerability Assessment]]

−

Subproject [[Enterprise Business Application Security Software]]

+

3 Help companies to securely develop and customize business applications

−

<br>

+

[[Enterprise Application Security Development Issues]]

== Project Roadmap ==

== Project Roadmap ==

Have a look at the [[OWASP Enterprise Application Security Project/Roadmp]]

Have a look at the [[OWASP Enterprise Application Security Project/Roadmp]]

−

−

==== Statistics ====

−

−

== Objective ==

−

−

This document is the first statistics report which will be repeated annually with showing tendencies and changes in Enterprise Business Application Security area.

−

−

== Purpose ==

−

−

This document we will show a result of statistical research in the Business Application security area made by DSECRG and OWASP-EAS project. The purpose of this document is to raise awareness about Enterprise Business Application security by showing the current number of vulnerabilities found in those applications, how critical are those and what tendences we see.

−

−

== Intro ==

−

−

Business applications like ERP, CRM, SRM and others are one of the major topics within the field of computer security as these applications store business data and any vulnerability in these applications will cause a significant monetary loss. Nonetheless people still don’t pay much attention to Enterprise Business Application area as we see during our and our collegues research and audit data. Business applications are very large and complex systems that consists of different components such as Database server, Front-end, Web server, Application server and other parts. Also those systems lay on different Hardware and software that can have their own vulnerabilities. Overall security of Enterprise Business Application consists of different layers such as: • Network architecture security • Os security • Database security • Application security • Front-end security

−

−

Every described layer may have their own vulnerabilities that can give attacker full access to business data even if other layers are fully secured. In this document all the popular applications from described levels and their vulnerabilities vill be shown. The purpose of this document to Increase awareness of Business Application security.

This document we will describe different areas of programm vulnerabilities that can be found in Enterprise Business applications and ERP systems.

−

−

== Purpose ==

−

−

The purpose of this document to Increase awareness for Developers of Enterprise business application software. Here we will collect top software vulnerabilities in server site and frontend side that can exist in Business applications.

−

−

== Intro ==

−

−

There are many different languages and technologies that can be used for developing business applications and writing a costom code. Here we will try to categorize it firstly by dividing into Server and Client site. Top 10 list of vulnerabilities for both areas will be shown.

−

−

<br>

−

−

== Main ==

−

−

Crosslinks to CWE SANS OWASP and risks with descriptions will be added soon.

This document we will describe different areas of Secure implementation of g Enterprise Business Applications and ERP systems. Here we will mainly focus on security architecture and configuration threads because pragramm errors are well described in "Software vulnerabilities" topic

−

−

== Purpose ==

−

−

The purpose of this document to Increase awareness for Administrators of Business Application security and help them to start a beginning self-assessment of their systems and find a most critical violations.

−

−

== Intro ==

−

−

Enterprise Business Applications (Like ERP - is any software system that has been designed to support and automate the business process of medium and large business) are very large systems that consists of different components such as database server, Front-end, Web server, Application server and other parts. Also those systems lay on different Hardware and software that can have their own vulnerabilities. Every described layer may have their own vulnerabilities and misconfigurations that can give attacker full access to business data even if other layers are fully secured.

−

−

All information was collected and catecorized during our big practice of security assessing Popular business applications Like in SAP ERP, Oracle E-Business Suite, Oracle Peoplesoft, JD-Edwards and other less known or custom applications.

−

−

<br>

−

−

== Main ==

−

−

Overall security of Enterprise Business Application consists of different layers such as: • Network architecture security • Os security • Database security • Application security • Front-end security In this document we will Describe top 10 violations on every layer of Enterprise Business Application that can be easily assessed and mitigated.

Latest revision as of 03:38, 29 November 2017

Main

Objective

The OWASP Enterprise Application Security Project (OWASP-EAS) exists to provide guidance to people involved in the procurement, design, implementation, or sign-off of large scale (i.e. 'Enterprise') applications.

The latest project information can be found here http://eas-sec.org

The purpose of the project

Enterprise applications security is one of the major topics in overall security area because those applications control money and resources, and any security violation can result in significant money loss. The purpose of this project is to aware people about enterprise application security problems and create guidelines and tools for enterprise application security assessment.

Project Roadmap

Project About

PROJECT INFOWhat does this OWASP project offer you?

RELEASE(S) INFOWhat releases are available for this project?

what

is this project?

Name: OWASP Enterprise Application Security Project (home page)

Purpose: Enterprise applications security is one of the major topics in overall security area because those applications controls money and resources and every security violation can result a significant money loss. Purpose of this project is to aware people about enterprise application security problems and create a guideline for EA security assessment.